Multiple vulnerabilities in Apple iOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2018-4303 CVE-2018-4465 CVE-2018-4447 CVE-2018-4461 CVE-2018-4430 CVE-2018-4446 CVE-2018-4460 CVE-2018-4431 CVE-2018-4435 CVE-2018-4429 CVE-2018-4439 CVE-2018-4436 CVE-2018-4440 CVE-2018-4445 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4438 CVE-2018-4437 CVE-2018-4464 CVE-2018-4421 CVE-2018-4456 |
| CWE-ID | CWE-843 CWE-119 CWE-200 CWE-264 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #15 is available. |
| Vulnerable software Subscribe |
Apple iOS Operating systems & Components / Operating system macOS Operating systems & Components / Operating system |
| Vendor |
Apple Inc. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
2018-12-21 - added CVE-2018-4456 and CVE-2018-4421.
1) Type confusion
EUVDB-ID: #VU16285
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4303
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to type confusion in the Airport component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU16286
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4465
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in the Disk Images component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU16287
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4447
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU16288
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4461
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU16289
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4430
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in the FaceTime component. A local attacker can trigger a state management error and access to contacts on a locked device.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU16290
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4446
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in the File Provider component. A local attacker can run a specially crafted application and learn information about the presence of other applications on the device.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Denial of service
EUVDB-ID: #VU16291
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4460
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error in the Kernel component. A local attacker can conduct DoS attack and cause the device to crash.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU16292
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-4431
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a boundary error in the Kernel component. A local attacker can trigger memory corruption and read kernel memory.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Privilege escalation
EUVDB-ID: #VU16293
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4435
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a logic issue in the Kernel component. A local attacker can run a specially crafted application and gain elevated privileges.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Spoofing attack
EUVDB-ID: #VU16294
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4429
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct spoofing attack on the target system.
The weakness exists due to insufficient validation of user-supplied input in the LinkPresentation component. A remote attacker can send a specially crafted mail message and spoof UI.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Spoofing attack
EUVDB-ID: #VU16295
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4439
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct spoofing attack on the target system.
The weakness exists due to insufficient validation of user-supplied input in the Safari component. A remote attacker can send a specially crafted mail message and spoof UI.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Security restrictions bypass
EUVDB-ID: #VU16296
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4436
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due insufficient validation of certificates in the Profiles component. A local attacker can bypass security restrictions and cause an untrusted configuration profile to be incorrectly displayed as verified.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Spoofing attack
EUVDB-ID: #VU16297
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4440
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct spoofing attack on the target system.
The weakness exists due to insufficient validation of user-supplied input in the Safari component. A remote attacker can trick the victim into visiting a specially crafted website, trigger state management error and spoof address bar.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Security restrictions bypass
EUVDB-ID: #VU16298
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4445
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in the Safari component due "Clear History and Website Data" did not clear the history. A remote attacker can bypass security restrictions and prevent fully deletion of browsing history.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory corruption
EUVDB-ID: #VU16299
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-4441
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
16) Memory corruption
EUVDB-ID: #VU16300
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4442
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory corruption
EUVDB-ID: #VU16301
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4443
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory corruption
EUVDB-ID: #VU16302
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4438
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger state management error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory corruption
EUVDB-ID: #VU16303
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4437
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory corruption
EUVDB-ID: #VU16304
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4464
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 12.1.1.
Vulnerable software versionsApple iOS: 12.0 16A366 - 12.1 16B92
External linkshttp://support.apple.com/en-us/HT209340
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory corruption
EUVDB-ID: #VU16944
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4421
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can run a specially crafted application and execute arbitrary code with kernel privileges.
MitigationUpdate to version 10.14.2.
Vulnerable software versionsmacOS: 10.13.4 17E199
External linkshttp://support.apple.com/en-gb/HT209341
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory corruption
EUVDB-ID: #VU16943
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4456
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can run a specially crafted application and execute arbitrary code with kernel privileges.
MitigationUpdate to version 10.14.2.
Vulnerable software versionsmacOS: 10.13.4 17E199
External linkshttp://support.apple.com/en-gb/HT209341
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
